[whatwg] input element's value should not be sanitized during parsing

Jonas Sicking jonas at sicking.cc
Tue Sep 21 13:18:09 PDT 2010


On Tue, Sep 21, 2010 at 9:13 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 9/21/10 5:09 AM, James Graham wrote:
>>
>> It is described as a single step in the spec, which I take to imply that
>> it should behave as a single operation from the point of view of the
>> rest of the spec.
>
> That doesn't work if your parser and DOM aren't very very _very_ tightly
> coupled, since there are no DOM APIs to "atomically" set a bunch of
> attributes.
>
> So yes, if the spec implies that this is what's supposed to happen here then
> it needs to be _very_ explicit about that.

Also, it would mean that the following two pieces of code behaves differently:

inp = document.createElement("input");
inp.setAttribute("value", "foo\nbar");
inp.setAttribute("type", "hidden");

and

inp = document.createElement("input");
inp.setAttribute("type", "hidden");inp.setAttribute("value", "foo\nbar");
This does not seem desirable.

/ Jonas



More information about the whatwg mailing list